//Updated 06/02/2010
echo off

Date /T
Time /T
 
Verify other 2>nul
SETLOCAL ENABLEEXTENSIONS
if errorlevel 1 echo error enabling extensions
if errorlevel 0 echo Extentions Enabled Successfully!
Echo Off
Title Wouter's little Flash Fixer v1.06 (06/02/2010)
Echo Hello! Only continue if you ran this file in the root directory (e.g. E:\ff version 1.06.bat) of your flash drive. Virus files will now be removed (Hopefully) and counter-measures will be created to prevent reinfection. Viruses targetted: sachost.exe, misvh55.exe, _Fichiers.exe, tio8x6.cmd ntde1ect.com, protector.exe, RisinG.exe and some generic viruses found in the RESTORE folder of your flash drive. Use Ctrl-C and then the letter "y" to stop the program. USE AT OWN RISK!!

Pause
Echo Fixing in progress...
ECHO off
Echo Removing Attributes...
Echo off
//REMOVE VIRAL FILE/FOLDER ATTRIBUTES

attrib ntde1ect.com -H -S -R
attrib S-1-5-21-1482476501-1644491937-682003330-1013 -H -S -R
attrib S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe -H -S -R
attrib tio8x6.cmd -H -S -R
attrib RESTORE -H -S -R
attrib protector.exe -H -S -R
attrib AutoRun_Fichiers.exe -H -S -R
attrib misvh55.exe -H -S -R
attrib _Fichiers.exe -H -S -R
attrib recycle -H -S -R
attrib recycler -H -S -R
attrib recycler\k-1-3542-4232123213-7676767-8888886 -H -S -R
attrib recycler\k-1-3542-4232123213-7676767-8888886\root.exe -H -S -R
attrib recycler\k-1-3542-4232123213-7676767-8888886\r00t.exe -H -S -R
attrib autorun.ini  -H -S -R
attrib autorun.inf  -H -S -R
attrib sachost.exe -H -S -R
attrib restore\H-6-1-53-0976546321-090909032-8763-1337 -H -S -R
attrib restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe -H -S -R
attrib CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe -H -S -R
attrib CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213 -H -S -R
attrib CONFIG -H -S -R
attrib RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe -H -S -R
attrib RESTORE\k-1-3542-4232123213-7676767-8888886 -H -S -R
attrib SYSTEM\FILES\ARMY.exe -H -S -R
attrib SYSTEM\FILES -H -S -R
attrib SYSTEM -H -S -R
attrib Recycle\D-0-060-0000000000-1111111-2222222\fix.exe -H -S -R
attrib Recycle\D-0-060-0000000000-1111111-2222222 -H -S -R
attrib Recycle -H -S -R
attrib RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe -H -S -R
attrib RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 -H -S -R
attrib RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -H -S -R
attrib RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007\desktop.ini -H -S -R
attrib RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007 -H -S -R
attrib New Folder.exe -H -S -R
attrib Untitled Auto Playlist.wpl -H -S -R
attrib 3wcxx91.cmd  -H -S -R
attrib 1ce.cmd  -H -S -R
attrib zPharaoh.exe  -H -S -R
attrib new folder .exe  -H -S -R
attrib regsvr.exe -H -S -R
attrib MEMORY -H -S -R
attrib MEMORY\S-v-6-2009 -H -S -R
attrib MEMORY\S-v-6-2009\PeAcE.exe -H -S -R
attrib USBVAULT -H -S -R
attrib RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe  -H -S -R
attrib RESTORE\k-1-3542-4232123213-7676767-8888886\  -H -S -R
attrib USBVAULT\ -H -S -R
attrib USBVAULT\inf.exe -H -S -R
//attrib  -H -S -R
//attrib  -H -S -R

//DELETE VIRAL FILES
Echo Deleting Viral Executables...
Echo off
del autorun.ini  /Q /F
del S-1-5-21-1482476501-1644491937-682003330-1013\taquito.exe /Q /F
del tio8x6.cmd  /Q /F
del protector.exe  /Q /F
del autorun.inf  /Q /F
del _Fichiers.exe  /Q /F
del sachost.exe /Q  /F
del misvh55.exe /Q  /F
del ntde1ect.com /Q  /F
del recycler\k-1-3542-4232123213-7676767-8888886\root.exe /Q  /F
del recycler\k-1-3542-4232123213-7676767-8888886\r00t.exe /Q  /F
del restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe /Q /F
del AutoRun_Fichiers.exe /Q /F
del CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe /Q  /F
del RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe /Q  /F
del SYSTEM\FILES\ARMY.exe /Q  /F
del Recycle\D-0-060-0000000000-1111111-2222222\fix.exe /Q  /F
del RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe /Q  /F
del RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe /Q  /F
del RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007\desktop.ini /Q  /F
del New Folder.exe /Q  /F
del Untitled Auto Playlist.wpl /Q  /F
del 3wcxx91.cmd /Q /F
del 1ce.cmd /Q /F
del zPharaoh.exe /Q /F
del new folder .exe /Q /F
del regsvr.exe /Q /F
del MEMORY\S-v-6-2009\PeAcE.exe /Q  /F
del RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe  /Q /F
del USBVAULT\inf.exe /Q /F
//del  /Q  /F
//del  /Q  /F
//del  /Q  /F
//del  /Q  /F
//del  /Q  /F


//REMOVE VIRAL DIRECTORIES
Echo Removing Viral Directories...
Echo off
rd recycler\k-1-3542-4232123213-7676767-8888886 /Q /S
rd restore\H-6-1-53-0976546321-090909032-8763-1337 /Q /S
rd CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213 /Q /S
rd RESTORE\k-1-3542-4232123213-7676767-8888886 /Q /S
rd RESTORE\k-1-3542-4232123213-7676767-8888886 /Q /S
rd SYSTEM\FILES /Q /S
rd Recycle\D-0-060-0000000000-1111111-2222222 /Q /S
rd RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 /Q /S
rd RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 /Q /S
rd RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007 /Q /S
rd recycle  /Q /S
rd RESTORE /Q /S
rd CONFIG /Q /S
rd recycler  /Q /S
rd SYSTEM /Q /S
rd S-1-5-21-1482476501-1644491937-682003330-1013 /Q /S
rd MEMORY\S-v-6-2009 /Q /S
rd MEMORY /Q /S
rd USBVAULT /Q /S


//rd  /Q /S
//rd  /Q /S
//rd  /Q /S
//rd  /Q /S

//MAKE DUMMY DIRECTORIES
Echo Making Dummy Directories of viral files...
Echo off
md recycle
//md S-1-5-21-1482476501-1644491937-682003330-1013
md S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
//md recycle\X-5-4-27-2345678318-4567890223-4234567884-2341
md recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
md recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini
md tio8x6.cmd
md autorun.inf
md autorun.ini
md protector.exe
md sachost.exe
md _Fichiers.exe
md misvh55.exe
md RESTORE
md ntde1ect.com
md recycler
//md recycler\k-1-3542-4232123213-7676767-8888886
md recycler\k-1-3542-4232123213-7676767-8888886\r00t.exe
md recycler\k-1-3542-4232123213-7676767-8888886\root.exe
md restore
//md restore\H-6-1-53-0976546321-090909032-8763-1337
md restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe
md AutoRun_Fichiers.exe
md CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
md RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
md SYSTEM\FILES\ARMY.exe
md Recycle\D-0-060-0000000000-1111111-2222222\fix.exe
md RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe
md RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
md RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007\desktop.ini
md "New Folder.exe"
md "Untitled Auto Playlist.wpl"
md 3wcxx91.cmd
md 1ce.cmd
md zPharaoh.exe
md "new folder .exe"
md regsvr.exe
md MEMORY\S-v-6-2009\PeAcE.exe
md USBVAULT
md USBVAULT\inf.exe
md RESTORE\k-1-3542-4232123213-7676767-8888886
md RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe
//md
//md
//md
//md
//md
//md

//HIDING AND PROTECTION OF DUMMIES

Echo Hiding and protecting dummy directories...
Echo off

attrib recycle +H +R +S
attrib recycle\X-5-4-27-2345678318-4567890223-4234567884-2341 +H +R +S
attrib recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe +H +R +S
attrib recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini +H +R +S
attrib RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe +H +R +S
attrib RESTORE\k-1-3542-4232123213-7676767-8888886 +H +R +S
attrib S-1-5-21-1482476501-1644491937-682003330-1013 +H +R +S
attrib S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe +H +R +S
attrib recycler\k-1-3542-4232123213-7676767-8888886\r00t.exe +H +R +S
attrib recycler\k-1-3542-4232123213-7676767-8888886\root.exe +H +R +S
attrib recycler\k-1-3542-4232123213-7676767-8888886 +H +R +S
attrib restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe +H +R +S
attrib restore\H-6-1-53-0976546321-090909032-8763-1337 +H +R +S
attrib AutoRun_Fichiers.exe +H +R +S
attrib CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe +H +R +S
attrib CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213 +H +R +S
attrib CONFIG +H +R +S
attrib RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe +H +R +S
attrib RESTORE\k-1-3542-4232123213-7676767-8888886 +H +R +S
attrib SYSTEM\FILES\ARMY.exe +H +R +S
attrib SYSTEM\FILES +H +R +S
attrib SYSTEM +H +R +S
attrib Recycle\D-0-060-0000000000-1111111-2222222\fix.exe +H +R +S
attrib Recycle\D-0-060-0000000000-1111111-2222222 +H +R +S
attrib RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe +H +R +S
attrib RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 +H +R +S
attrib RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe +H +R +S
attrib RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007\desktop.ini +H +R +S
attrib RECYCLER\S-1-5-21-2838802526-1344441557-847948986-1007 +H +R +S
attrib RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 +H +R +S
attrib USBVAULT\inf.exe +H +R +S
attrib RECYCLER +H +R +S
attrib "New Folder.exe" +H +R +S
attrib "Untitled Auto Playlist.wpl" +H +R +S
attrib 3wcxx91.cmd +H +R +S
attrib 1ce.cmd +H +R +S
attrib zPharaoh.exe +H +R +S
attrib "new folder .exe" +H +R +S
attrib regsvr.exe +H +R +S
attrib MEMORY\S-v-6-2009\PeAcE.exe +H +R +S /S /D
attrib MEMORY\S-v-6-2009 +H +R +S /S /D
attrib MEMORY +H +R +S /S /D
attrib USBVAULT\inf.exe +H +R +S
attrib USBVAULT +H +R +S /S /D
attrib autorun.inf  +H +R +S
attrib autorun.ini  +H +R +S
attrib sachost.exe +H +R +S
attrib _Fichiers.exe +H +R +S
attrib misvh55.exe +H +R +S
attrib protector.exe +H +R +S
attrib tio8x6.cmd +H +R +S
attrib RESTORE +H +R +S
attrib ntde1ect.com +H +R +S

//attrib  +H +R +S /S /D
//attrib  +H +R +S /S /D
//attrib  +H +R +S /S /D
//attrib  +H +R +S /S /D

Echo Program has finished doing its task. Thank you =)
Echo on
Time /T

Pause

